Your customer list is one of the most valuable things you own. We treat it that way.
Encryption
- All traffic encrypted in transit with TLS 1.2+.
- All data encrypted at rest with AES-256.
- Customer secrets stored in a dedicated secrets vault, never in app config.
Infrastructure
- Hosted on hardened, enterprise-grade US cloud regions.
- Isolated production environment with hardened images.
- Daily encrypted backups, 30-day retention, quarterly restore drills.
Access controls
- Least-privilege access for all employees; production access is logged.
- Mandatory hardware MFA for any account with access to customer data.
- Single sign-on (SSO) available on Pro plans.
Compliance
- TCPA / CAN-SPAM compliant by default in every template.
- GDPR / CCPA data subject requests honored within 30 days.
Data deletion
When you cancel, you can export your full data set as CSV. We permanently delete your production data within 30 days unless we’re legally required to retain it for accounting or fraud-prevention purposes.
Reporting a vulnerability
Found something? Email support@getoski.com. We respond to all reports within one business day and credit researchers in our hall of fame.